Splunk 4.0.4 released
Splunk released Splunk 4.0.4 which improves an organization’s ability to manage, secure and audit their entire IT infrastructure.
Resolved general issues
- This release contains numerous localization and internationalization fixes, extensions, and improvements.
- Splunk now runs correctly on unpatched versions of AIX 5.2.
- Splunk now reads tsidx files originally created in version 2.x correctly.
- An issue related to moving data buckets from ‘cold’ state to a ‘frozen’ state has been resolved.
- An issue with cold-to-frozen script failing has been resolved.
- DATETIME_CONFIG=CURRENT is now respected for files whose names include the date.
- An error involving out of range cron values when editing a saved search has been resolved.
- An issue with corrupted tcpout_connections messages in metrics.log has been resolved.
- An issue with the “business_week_to_date” timerange and timezones ahead of GMT has been resolved.
- An intermittent issue with AD LDAP auth not returning all the users when realNameAttribute = cn has been resolved.
- Running clean globaldata now correctly deletes the files under fishbucket/db/.
- The export eventdata command now functions correctly.
- The interactive field extractor now correctly escapes pipes (|) in the regex.
- An issue with sample events being overwritten in the interactive field extractor has been resolved.
- The ‘delete’ operator now works correctly on events timestamped in the future.
Resolved Splunk Web and Manager issues
- The timeline scale has been reinstated in Splunk Web.
- Results are no longer sent as part of an alert email when the box is unchecked in Manager.
- Firebug logging is less noisy.
- Clicking through transaction results no longer breaks the search string.
- The timerange calendar popup in Splunk Web now uses the server timezone (not the browser timezone).
- The indexing status dashboard now includes a module with information about license usage.
- The show source feature now works.
- Usernames are no longer case-sensitive in Splunk Web.
- Finalizing a search on the job status page in Manager now works immediately.
- Default time range options now display more compactly in Splunk Web.
- Issues with seemingly random Splunk Web timeouts have been resolved.
- The interface for restricting TCP inputs to one host has been added back into Manager.
- Disabling and re-enabling Splunk Web from the CLI now works correctly.
- Occasional “Timed out waiting for splunkweb to start” issue on 32-bit Solaris has been resolved.
- Changing the timerange on a search that has been run via a permalink no longer runs a search for.
- The automatic source type option is no longer erroneously available in Manager for network inputs (UDP, TCP).
- The Help link for the launcher now works in Firefox 3.5.
Resolved deployment server/client, and forwarder issues
- Enabling SplunkForwarder, SplunkLightForwarder, SplunkDesktop no longer disables deployment server and client functionality.
- Deployment server now deploys to NATed clients.
- An issue with deployment clients not picking up Apps from deployment server has been resolved.
- New versions of Apps are now correctly deployed; default.meta is correctly overwritten.
- Deployment server now respects permissions of deployed files.
- The “round robin” forwarder configuration now supports SSL.
- The syslog routing forwarder configuration is now working properly.
- The syslog routing forwarder configuration no longer appears to send an extra event to the syslog receiver (an empty line).
Resolved Windows-specific issues
- Splunk Web no longer shuts down when a user logs out of Windows.
- Splunk properly completes the uninstall when uninstalling on Windows 7.
- An issue with not being able to enable just WMI inputs during a commandline install has been resolved.
- Adding an input in Splunk Web on Windows now formats the stanza correctly in inputs.conf.
- Windows event log events are formatted correctly when viewed in Firefox.
- A crash on Windows related to changing Windows Event Log inputs while Security logs are being processed has been resolved.
- Disabling Windows Event Log inputs in Manager no longer throws an exception.
- Windows events now correctly display the “Event ID” label instead of “Event Code”.
- A crash on Windows when removing TCP inputs using Manager has been resolved.
- Active Directory monitoring (ADmon) now respects the targetDC value specified in admon.conf.
Resolved app and app development issues
- The Windows App now uses summary indexing for front page displayed searches. This improves the performance.
- The Windows App has been updated to remove event types and searches that are not applicable to some Windows platforms.
- Enabling the *Nix App on a Windows host does not throw a “There is no query runner registered” error and will allow searching.
- An issue with enabling previously disabled deployed Apps has been resolved.
- An issue with usage of vmstat.sh in the *Nix App on Solaris 9 has been resolved.
- Display organization of available views is now configurable the way it is for saved searches.
- Improperly structured XML in dashboards no longer causes tracebacks.
- Scripts that run as part of an App are now stopped when you disable the App.